Professional Documents
Culture Documents
Blockchains: Architecture, Design and Use Cases
Blockchains: Architecture, Design and Use Cases
1
Image courtesy: http://beetfusion.com/
CONSENSUS IN BITCOIN
2
Consensus in Bitcoin
Observation - 1: Tx15
• Any valid block (a block with all valid Tx16
Tx17
transactions) can be accepted, even if it is Tx18
proposed by only one miner
Consensus in Bitcoin
Observation - 2: Tx15
• The protocol can work in rounds Tx16
Tx17
• Broadcast the accepted block to the peers Tx18
• Collect the next set of transactions
Consensus in Bitcoin
Tx1 Tx6
Tx11 Note: This communication Tx15
Tx2 Tx7 Tx16
Tx3 Tx8
Tx12 can work asynchronously
Tx13 Tx17
Tx4 Tx9
Tx14
Tx5 Tx10
?
Tx15
Tx16 Tx15
Tx18 Tx16
Tx19 Tx17
I have the solution Tx18
SOL
?
Consensus in Bitcoin
Tx15
Tx16 Tx15
Tx18 Tx16
Tx19 Tx17
I have the solution Tx18
SOL
?
Consensus in Bitcoin
Tx17
Tx1 Tx6 Tx15 Tx20
Tx11
Tx2 Tx7 Tx16 Note: Everyone Tx21
Tx12
Tx3 Tx8 Tx18 can see that Tx18 Tx22
Tx13
Tx4 Tx9 Tx19 and Tx19 have Tx23
Tx14
Tx5 Tx10 been committed, ?
but Tx17 has not
Tx17 been committed. Tx17
Tx20 Include that in Tx20
Tx21 the next round Tx21
Tx22 Tx22
Tx23
?
?
Proof of Work (Pow)
• An economic measure to deter service abuses by requiring some work
from the service requester (usually processing time by a computer)
• The idea came from Dwork and Naor (1992), to combat junk emails
– You have to do some work to send a valid email
– The attacker would be discouraged to send junk emails
Dwork, Cynthia; Naor, Moni (1993). "Pricing via Processing, Or, Combatting Junk Mail, Advances in
Cryptology". CRYPTO’92: Lecture Notes in Computer Science No. 740. Springer: 139–147.
Proof of Work (PoW) Features
• Asymmetry
– The work must be moderately hard, but feasible for the service
requester
– The work must be easy check for the service provider
• Service requesters will get discouraged to forge the work, but service
providers can easily check the validity of the work
Cryptographic Hash as the PoW
• Use the puzzle friendliness property of cryptographic hash function as
the work
– Given 𝑋𝑋 and 𝑌𝑌, find out 𝑘𝑘, such that 𝑌𝑌 = 𝐻𝐻𝐻𝐻𝐻𝐻𝐻(𝑋𝑋||𝑘𝑘)
– It is difficult (but not infeasible) to find such 𝑘𝑘
– However, once you have a 𝑘𝑘, you can easily verify the challenge
X-Hashcash:
1:20:180401:sandipc@cse.iitkgp.ac.in::0000000267674
b591257b87:6078
• Compute the 160 bit SHA-1 hash of the entire received string
1:20:180401:sandipc@cse.iitkgp.ac.in::0000000267674b591257b87:6078
– If the first 20 bits are not zero then it is invalid
Hashcash PoW
• On average, the sender will have to try 220 hash values to find a valid
header (takes about a few seconds in a general purpose computer)
– There are 2160 possible hash values
– 20 zero bits at the beginning – 2140 possible hash values that satisfy
this criteria
– Chance of randomly selecting a header with 20 zero bits at the prefix is
1 in 220
• The miners collect the transactions for 10 minutes (default setup) and
starts mining the PoW
1
Image courtesy: http://beetfusion.com/
• The miners collect the transactions for 10 minutes (default setup) and
starts mining the PoW
• The solution:
– The transactions are irreversible
(computationally impractical to modify)
– Every transaction can be validated against
the existing blockchain
Sybil Attacks
• Attacker attempts to fill the network with the clients under its control
– Refuse to relay valid blocks
– Relay only attacked blocks – can lead to double spending
• Solution:
– Diversify the connections – Bitcoin allows outbound connection to one
IP per /16 (a.b.0.0) IP address
Denial of Service (DoS) Attacks
• Send lot of data to a node – they will not be able to process normal Bitcoin
transactions
• Solutions:
– No forwarding of orphaned blocks
– No forwarding of double-spend transactions
– No forwarding of same block or transactions
– Disconnect a peer that sends too many messages
– Restrict the block size to 1 MB
– Limit the size of each script up to 10000 bytes
– …
Breaking Bitcoin PoW
• Bitcoin PoW is computationally difficult to break, but not impossible
• Attackers can deploy high power servers to do more work than the total
work of the blockchain
Source: https://www.planetblockcha.in/2018/03/27/bitcoin-is-dead/
Handling Monopoly and Power Consumption - Proof of Stake (PoS)
• PoW vs PoS
– PoW: Probability of mining a block depends on the work done by the
miner
– PoS: Amount of bitcoin that the miner holds – Miner holding 1% of the
Bitcoin can mine 1% of the PoS blocks.
Proof of Stake (PoS)
• Provides increased protection
– Executing an attack is expensive, you need more Bitcoins
– Reduced incentive for attack – the attacker needs to own a majority of
bitcoins – an attack will have more affect on the attacker
• Variants of “stake”
– Randomization in combination of the stake (used in Nxt and BlackCoin)
– Coin-age: Number of coins multiplied by the number of days the coins
have been held (used in Peercoin)
Proof of Burn (PoB)
• Miners should show proof that they have burned some coins
– Sent them to a verifiably un-spendable address
– Expensive just like PoW, but no external resources are used other than
the burned coins
• Basic idea:
– Each participant in the blockchain network waits a random amount of
time
– The first participant to finish becomes the leader for the new block
PoET over Trusted Environments
• How will one verify that the proposer has really waited for a random
amount of time?
– Utilize special CPU instruction set – Intel Software Guard Extension
(SGX) – a trusted execution platform
– The trusted code is private to the rest of the application
– The specialized hardware provides an attestation that the trusted code
has been set up correctly
Interesting Reads …
• Analysis of hashrate-based double-spending, by Meni Rosenfeld -
https://bitcoil.co.il/Doublespend.pdf
1
Image courtesy: http://beetfusion.com/
THE MINERS
2
The Life of a Miner
• Validate transactions and construct a block
• Use hash power to vote on consensus and commit transactions with a new
block
• Listen for new blocks – validate and re-broadcast a new block when it is
proposed
current_difficulty = previous_difficulty *
(2 weeks in milliseconds)/(milliseconds to
mine last 2016 blocks)
Hash-rate versus Difficulty
• The hash is a random number between 0 and 2256-1
– To find a block, the hash must be less than a given target
Source: http://bitcoin.sipa.be/
Mining Hardware
• Specialized hardware
– GPU
– FPGA
• ASIC
– Released in 2013
– Fast computation of
SHA256
Image source:
https://steemkr.com/bitcoin/@pawank/bitcoin-mining
TerraMiner IV
• ASIC based bitcoin mining rig
• 2 Terahash per second
• Cost: USD 3500 approx
Mining Pool
• Pooling of resources by the miners
• Cons
– Leads to centralization
– Discourages miners for running complete mining procedure
Summary – Permissionless Blockchain and Bitcoin
• The permissionless or open model of blockchain – any user can join the network
and participate in transactions
– Bitcoin is developed on this principle
1
Image Source: https://nem.io/enterprise/
Permissioned Blockchain – I
Basics
2
Permissioned Model
• However, users may not trust each other – Security and consensus are
still required.
Auditor
Smart Contracts
• Remember the bitcoin scripts – you can change the script to control
how the money that you are transferring to someone can be spend further
– Your friend can use that money immediately
– Your friend can use that money after 2 months
Smart Contracts
Source: http://www.scalablockchain.com/smartcontract.html
Design Limitations
• Sequential Execution
– Execute transactions sequentially based on consensus
– Requests to the application (smart contract) are ordered by the
consensus, and executed in the same order
– This give a bound on the effective throughput – throughput is
inversely proportional
– Can be a possible attack on the smart contract platform – introduce
contract which will take long time to execute
Design Limitations
• Non-deterministic Execution
– Consider golang – iteration over a map may produce a different order
in two executions
• Non-deterministic Execution
– Smart-contract execution should always needs to be deterministic;
otherwise the system may lead to inconsistent states (many fork in
the blockchain)
– Solution: Domain specific language (DSL) for smart contract
Design Limitations
• State machine
– A set of states (S) based on the
system design
– A set of inputs (I)
– A set o outputs (O)
– A transition function 𝑆𝑆 × 𝐼𝐼 → 𝑆𝑆
– A output function 𝑆𝑆 × 𝐼𝐼 → 𝑂𝑂
– A start state
Image source: commons.wikimedia.org
Smart Contract State Machine - Crowd-Funding
Alice transferred
Bob transferred the committed
the committed Bob money Job 1 Job 1 Job 2
money donated done complete done
5. Sync the state machines across the servers, to avoid any failure.
Distributed State Machine Replication
1
Image Source: https://nem.io/enterprise/
Permissioned Blockchain - II
Consensus Algorithms
2
Why Distributed Consensus
One Decision No
Maker Consensus
Why Distributed Consensus
Multiple Consensus
Decision Maker Required
Why Distributed Consensus
• Reaching agreement in distributed computing
• Replication of common state so that all processes have same view
• Applications:
– Flight control system: E.g. Boeing 777 and 787
– Fund transferring system: Bitcoin and cryptocurrencies
– Leader election/Mutual Exclusion
Why Distributed Consensus
• So, no need of consensus in a single node process.
• What about when there are two nodes?
• Network or partitioned fault, consensus cannot be reached
Faults in Distributed Consensus
• Crash Fault
• Network or Partitioned Faults
• Byzantine Faults
– malicious behaviour in nodes
– hardware fault
– software error
Consensus for three processes
• Termination:
– Eventually each correct process sets its decision variable
• Agreement:
– The decision value of all correct processes is the same
• Integrity:
– If the correct processes all proposed the same value, then any
correct process in the decided state has chosen that value
Different Algorithms
• Crash or Network Faults:
• PAXOS
• RAFT
• accept/decline: whether
prepare accepted or not
• proposal number: biggest
number the acceptor has
seen
• accepted values: already
accepted values from other
proposer
Accepting a Value: Proposer’s Decision Making
• Proposer receive a
response from majority
of acceptors before
proceeding
Accepting a Value: Accept Message
• proposal number:
same as prepare phase
value
• value: single value
proposed by proposer
Accepting a Value: Notifying Learner